RSS   Podatności dla 'Gnome-session'   RSS

2017-07-11
 
CVE-2017-11171

CWE-835
 

 
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.

 

 >>> Vendor: Gnome 89 Produkty
Gnumeric
GDM
Gnome libs
Gnome-lokkit
Esound
Gnorpm
Libgtop daemon
Nautilus
Evolution
Bonobo
Gnome-terminal
Gtkhtml
EOG
Balsa
Batalla naval
Gdkpixbuf
GPDF
Libvte4
Libzvt2
Epiphany
Gedit
Networkmanager
Libgda2
DIA
Dwarf http server
Screensaver
Dhcdbd
Libgsf
Libsoup
Gconf
Power manager
Ekiga
Gnome-vfs
Gnome
YELP
GLIB
ORCA
Vinagre
Rhythmbox
Nautilus-python
Evolution-data-server
Gupnp
Gmime
Evince
Gnome-shell
Tomboy
Ifcfg-rh plug-in
Empathy
Update-manager-core
Gdk-pixbuf
Libgdata
At-spi2-atk
Librsvg
Libsocialweb
Gnome-keyring
Gnome display manager
Gnome online accounts
Geary
GCAB
VALA
Byzanz
Eye of gnome
Shotwell
Gtk-vnc
Libcroco
Gnome-session
Libgxps
Librest
Gthumb
Seahorse
GVFS
Gnome-desktop
Evolution-ews
Network manager vpnc
Gnome-system-log
Gnome-font-viewer
Gnome keyring
Evolution data server
File-roller
Glib-networking
Gnome-autoar
Libgrss
Libgda
Libgfbgraph
Grilo
Evolution-rss
Libzapojit
Ocrfeeder
Caribou


Copyright 2024, cxsecurity.com

 

Back to Top